Total
3291 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-33572 | 2024-08-09 | 4.3 Medium | ||
| Missing Authorization vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg.This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through 3.2.5. | ||||
| CVE-2024-32814 | 2024-08-09 | 5.3 Medium | ||
| Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.6.1. | ||||
| CVE-2023-25799 | 1 Themeum | 1 Tutor Lms | 2024-08-09 | 8.3 High |
| Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8. | ||||
| CVE-2024-32144 | 1 Welcart | 1 Welcart E-commerce | 2024-08-09 | 5.4 Medium |
| Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.14. | ||||
| CVE-2024-6824 | 2024-08-09 | 4.3 Medium | ||
| The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'check_temp_validity' and 'update_template_title' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary content and update post and page titles. | ||||
| CVE-2023-50898 | 2024-08-08 | 5.4 Medium | ||
| Missing Authorization vulnerability in sirv.Com Sirv.This issue affects Sirv: from n/a through 7.1.2. | ||||
| CVE-2023-51515 | 2024-08-08 | 8.8 High | ||
| Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation.This issue affects Uncode Core: from n/a through 2.8.8. | ||||
| CVE-2023-51672 | 2024-08-08 | 7.5 High | ||
| Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3. | ||||
| CVE-2022-45356 | 2024-08-08 | 5.4 Medium | ||
| Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. | ||||
| CVE-2024-28003 | 2024-08-08 | 5.4 Medium | ||
| Missing Authorization vulnerability in Megamenu Max Mega Menu.This issue affects Max Mega Menu: from n/a through 3.3. | ||||
| CVE-2024-31297 | 2024-08-08 | 7.5 High | ||
| Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0. | ||||
| CVE-2023-25785 | 2024-08-08 | 5.3 Medium | ||
| Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5. | ||||
| CVE-2023-38386 | 2024-08-08 | 7.6 High | ||
| Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25. | ||||
| CVE-2022-45832 | 1 Hennessey | 1 Attorney | 2024-08-08 | 6.5 Medium |
| Missing Authorization vulnerability in Hennessey Digital Attorney.This issue affects Attorney: from n/a through 3. | ||||
| CVE-2024-27950 | 2024-08-08 | 5.4 Medium | ||
| Missing Authorization vulnerability in sirv.Com Image Optimizer, Resizer and CDN – Sirv.This issue affects Image Optimizer, Resizer and CDN – Sirv: from n/a through 7.2.0. | ||||
| CVE-2024-2544 | 1 Sygnoos | 1 Popup Builder | 2024-08-08 | 7.4 High |
| The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions, such as deleting subscribers, and importing subscribers to conduct stored cross-site scripting attacks. | ||||
| CVE-2024-6869 | 2024-08-08 | 5.4 Medium | ||
| The Falang multilanguage for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.3.52. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete translations and expose the administrator email address. | ||||
| CVE-2024-6987 | 2024-08-08 | 4.3 Medium | ||
| The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchid_store_activate_plugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate the Addonify Floating Cart For WooCommerce plugin if it is installed. | ||||
| CVE-2005-3623 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-07 | N/A |
| nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems. | ||||
| CVE-2006-4483 | 1 Php | 1 Php | 2024-08-07 | N/A |
| The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache. | ||||